Roger Needham, Computer Security Expert, Dies at 68

By STEVE LOHR

Published: March 6, 2003

Roger M. Needham, a leading computer scientist who did pioneering work on security software, led Cambridge University's computer science laboratory for 15 years and started Microsoft's first overseas research lab, died Friday at his home in Coton, England. He was 68.

The cause was cancer, said Maurice Wilkes, a friend and colleague.

In a career that spanned more than four decades, Mr. Needham made contributions to a range of computing disciplines, including systems design, operating systems and networking. Still, his most enduring research was done in computer security.

In 1967, he devised a method for encrypting password files in a secure way. In 1978, Mr. Needham in collaboration with another computer scientist, Michael Schroeder, published his research for identifying users by exchanging data, usually in passwords, in computer systems with many users. The technology, widely known in computer security, is called the Needham-Schroeder protocol for authentication.

Anyone sitting at a personal computer today, typing a password into a corporate network or a Web site, is probably using security software that makes use of Mr. Needham's inventions.

"When you sign on with a password, the technology you are using owes a debt to the work that Roger did, dating back to the 1960's," said Richard Rashid, a computer scientist and senior vice president for research at Microsoft. "That's how powerful his ideas have been."

Mr. Needham came to computer security as a byproduct of working on systems and early high-speed local networks like the Cambridge Ring and Fast Ring projects with university colleagues, including Mr. Wilkes, David Wheeler and Andrew Hopper. The Cambridge Ring projects were research forerunners of today's commercial networks like automated teller machine networks.

It was thinking about a system for allowing many people to gain access to a network that prompted Mr. Needham to address the problems of security, identity and authentication. "Roger Needham was one of the first people to recognize that computer security was important," said Matt Blaze, a computer security expert at AT&T Labs.

Indeed, despite his contributions to computing theory, Mr. Needham always thought of himself mostly as an engineer, trying to solve one practical problem after another. Colleagues say he did not care much for the term computer scientist, regarding it as a bit of a misnomer.

"I think the whole of computer science is engineering," Mr. Needham said two years ago. "Not everyone agrees with me, of course."

Cambridge was known for its pragmatic approach to computing long before Mr. Needham arrived in the early 1960's. Under Mr. Wilkes, the Cambridge lab is widely credited with getting the first working stored-program computer, the Edsac, up and running. In 1951, Mr. Wilkes, Mr. Wheeler and Stanley Gill, wrote the first textbook for computer programming, "The Preparation of Programs for an Electronic Digital Computer."

Mr. Needham, who became a researcher at the Cambridge lab in 1963 and succeeded Mr. Wilkes as director in 1980, carried on and reinforced the emphasis on practical work. He would always tell his graduate students to do research that really mattered. "Good research is done with a shovel, not with tweezers," Mr. Needham once said. "You should find an area where you can get a lot out of it fast."

His message was delivered to his students through constant contact. He was a scholar who roamed the lab, former students say, instead of working from an office. He ate lunch with the students most days. He paced as he talked during his impromptu tutorials, which frequently continued during evenings over a pint of beer at the Eagle Tavern.

"Once he got started talking to you he couldn't help himself and he couldn't sit down," said Bjarne Stroustrup, who went on to Bell Labs and created the C++ computer language, one of the most popular programming tools in use today. "And Roger Needham certainly reinforced my practical bent, that what you should do is work on ideas for making things better."

At a gathering for Mr. Needham last month, a couple of dozen leading computer scientists delivered papers in Cambridge as a tribute to their colleague. Frail and in a wheelchair, Mr. Needham put a workman's hardhat on his head, saying that he was very much a practical engineer, to the end. "It was quite effective," Mr. Wilkes said.

Born on Feb. 9, 1935, Mr. Needham grew up in Doncaster in northern England, the son of an engineer who designed coal-making machinery. Mr. Needham won a scholarship to Cambridge, where he received his Ph.D. in 1961. In 1958, he married Karen Sparck Jones, another graduate student at Cambridge. While working on their Ph.D. theses, the couple built the house they lived in for the next 40 years. Ms. Sparck Jones, a Cambridge professor, survives her husband.

Around Cambridge, Mr. Needham was known for his unassuming ways — his means of transport was a battered old bicycle — and his left-wing politics, having been a Labor Party district councilor for 15 years.

His socialist sympathies certainly made no difference to Microsoft, a paragon of capitalism, when it recruited him to set up a corporate research lab in Cambridge, which opened in 1997. For his part, Mr. Needham saw the job as another way to encourage the kind of pragmatic computing research he preferred.

"If there wasn't an industry concerned with making and using computers the subject wouldn't exist," he explained. "It's not like physics — physics was made by God, but computer science was made by man. It's there because the industry's there."